InfoSecBulletin Cybersecurity for mankind
French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks.
According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, larger packets.
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the Wild
“We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit,” OVHcloud notes.
In April this year, the largest packet rate attack peaked at around 840 million packets per second (pps), breaking the previous record of 809 Mpps set in 2021.
OVHcloud has noticed a significant increase in DDoS attacks with packet rates above 100 Mpps in the last six months.
Threat actors usually use DDoS attacks to overwhelm a target’s bandwidth (network-layer attacks) or resources (application-layer attacks), but now packet rate assaults are becoming more common.
“We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps,” OVHcloud says.
The cloud provider said that the majority of the traffic in the record attack was made up of TCP ACK packets from around 5,000 IPs.
The company investigated and found that the attackers used MikroTik routers, specifically the CCR1036-8G-2S+ and CCR1072-1G-8S+ models. There are about 100,000 CCR devices connected to the internet, with approximately 40,000 of them being these two models.
According to OVHcloud, if a threat actor can control all these devices and turn them into a botnet, the botnet could potentially generate 2.28 billion packets per second (or Gpps).
Following a steady increase in frequency over the past year and a half, large network-layer attacks are also a normal occurrence now, the cloud provider reports.
Mirai botnet was the first to exceed 1 Tbps in 2016. Records of 3.47 Tbps and 2.5 Tbps were set in 2022. DDoS attacks over 1 Tbps are now common.
“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week). The highest bit rate we observed during that period was ~2.5 Tbps,” OVHcloud notes.
In October last year, the industry saw some of the biggest Layer 7 DDoS attacks ever. They used the ‘HTTP/2 Rapid Reset’ zero-day vulnerability to launch record-breaking assaults, with the largest reaching 398 million requests per second.
